Packet dumps at your edge would likely be helpful to your diagnosis.

At your firewall (or other edge appliance) you are seeing successful UDP from a 
high port on your system (DNS client) to port 53 on the server and a reply in 
the opposite direction.  You are not seeing success from an external client 
high port to 53 on your server.

The two operations are absolutely disjoint when you deal with firewall tuples.

Hope this helps,

Len





>________________________________
> From: Daniele <d.imbrog...@gmail.com>
>To: bind-users@lists.isc.org 
>Sent: Monday, January 14, 2013 1:44 AM
>Subject: Re: lame-servers: error (FORMERR) resolving [something]
> 
>
>What tests should I do?
>If I query directly an external name-server (one of the root ones or 8.8.8.8 
>for example) I receive the correct response.
>For this reason I'm inclined to think that the router doesn't block packets 
>to/from port 53.
>Why should it block packets generated by BIND9?
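
The distinction drawn in the reply above, as an added example that is not part of the original thread: a constructed model of a stateful edge firewall that tracks UDP flows by tuple. The addresses (documentation ranges), ports, class names and the allow-all-outbound policy are assumptions for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = leaving the LAN, "in" = arriving from outside

class StatefulFirewall:
    """Hypothetical edge device: outbound allowed, inbound needs state or a rule."""
    def __init__(self, inbound_allow=()):
        self.inbound_allow = set(inbound_allow)  # explicit (dst_ip, dst_port) rules
        self.states = set()                      # reply tuples expected from outside

    def check(self, p: Packet) -> str:
        if p.direction == "out":
            # An outbound query creates state for the mirrored reply tuple only.
            self.states.add((p.dst, p.dport, p.src, p.sport))
            return "pass: new outbound flow"
        if (p.src, p.sport, p.dst, p.dport) in self.states:
            return "pass: reply to tracked flow"
        if (p.dst, p.dport) in self.inbound_allow:
            return "pass: inbound rule"
        return "drop: no state, no rule"

# Constructed sample hosts (RFC 5737 documentation addresses).
SERVER, UPSTREAM, CLIENT = "192.0.2.53", "198.51.100.1", "203.0.113.7"

def demo(inbound_allow=()):
    fw = StatefulFirewall(inbound_allow)
    return [
        # Local server acting as a DNS client: high port -> 53, then the reply.
        fw.check(Packet(SERVER, 40000, UPSTREAM, 53, "out")),
        fw.check(Packet(UPSTREAM, 53, SERVER, 40000, "in")),
        # External client querying the local server: a different tuple entirely.
        fw.check(Packet(CLIENT, 51000, SERVER, 53, "in")),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
    print(demo(inbound_allow=[(SERVER, 53)])[2])
```

Successful outbound lookups say nothing about whether inbound queries to port 53 are admitted, which is why a packet capture at the edge is the useful next step.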